🐛 COMMON VULNERABILITIES AND EXPOSURES (2)
2 Jan | PoC Exploit Released For Critical Windows LDAP RCE Vulnerability | The CVE-2024-49112 vulnerability in Windows LDAP allows remote code execution on unpatched Domain Controllers, as a zero-click exploit leverages this by crafting malicious LDAP requests, which, sent without any user interaction, exploit a memory corruption vulnerability within th… | GBHACKERS.COM
2 Jan | LDAPNightmare: SafeBreach Publishes First PoC Exploit (CVE-2024-49113) | Submitted by kid to cybersecurity. https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49112/ | SH.ITJUST.WORKS
⚠️ VULNERABILITY DISCLOSURE (13)
2 Jan | [KEV] D-Link Warns of Botnets Exploiting End-of-Life Routers | D-Link warned users of several legacy router models about known vulnerabilities actively exploited by botnets. These devices, which have reached End-of-Life (EOL) and End-of-Service (EOS), are at heightened risk of being targeted by malware strains known as “Ficora” a… | GBHACKERS.COM
2 Jan | CISO: Dream Job or More of a Nightmare | The CISO job can also turn into a nightmare, especially when support and budget are lacking. “The role of the CISO (Chief Information Security Office) is not desirable”: that is one of the central T… | CSOONLINE.COM
2 Jan | New DoubleClickjacking attack exploits double-clicks to hijack accounts | A new variation of clickjacking attacks called "DoubleClickjacking" lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. [...] | BLEEPINGCOMPUTER.COM
2 Jan | Chinese hackers targeted sanctions office in Treasury attack | Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs. [...] | BLEEPINGCOMPUTER.COM
2 Jan | Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API | Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three s… | THEHACKERNEWS.COM
2 Jan | Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them | In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move… | THEHACKERNEWS.COM
2 Jan | Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT | Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems. T… | THEHACKERNEWS.COM
2 Jan | Tax-Themed Phishing Campaign Delivers Malware Via Microsoft Management Console Files | Securonix warns that tax-themed phishing emails are attempting to deliver malware via Microsoft Management Console (MSC) files. | KNOWBE4.COM
2 Jan | Volkswagen massive data leak caused by a failure to secure AWS credentials | A failure to properly protect access to its AWS environment is one of the root causes of the recent massive Volkswagen data leak, according to a presentation on the incident at the Chaos Computer Club on Dec. 27. But the security analyst who helped expose the leak said the $351 b… | CSOONLINE.COM
2 Jan | Microsoft Sentinel: A cloud-native SIEM with integrated GenAI | In a recent survey, 74% of cybersecurity professionals said that the threat landscape is the worst they’ve seen in 5 years. Escalating cyber threats, an expanding attack surface, and staffing shortages are putting tremendous pressure on the security operations center (SOC). It’… | CSOONLINE.COM
2 Jan | US soldier linked to Trump call log hack arrested in Texas | Court documents unsealed Monday show that US authorities have arrested a 20-year-old soldier, Cameron John Wagenius, charged with two counts of selling or attempting to sell confidential phone records without the customer’s authorization. But behind the scant details provided in … | CSOONLINE.COM
2 Jan | 12 best entry-level cybersecurity certifications | A UC Berkeley professor recently made headlines when he stated that even his computer science graduates with a perfect 4.0 grade point average were failing to land jobs. Such is the labor market in the AI era. With AI coding assistants in wide use, junior developer roles are in … | CSOONLINE.COM
2 Jan | SquareX Researchers Expose OAuth Attack on Chrome Extensions Days Before Major Breach | SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over the Chrome Extension from the Chrome Store. On December … | CSOONLINE.COM
📢 SECURITY ADVISORIES (1)
2 Jan | Preparing for the future of data privacy | The focus on data privacy started to quickly shift beyond compliance in recent years and is expected to move even faster in the near future. Not surprisingly, the Thomson Reuters Risk & Compliance Survey Report found that 82% of respondents cited data and cybersecurity concer… | SECURITYINTELLIGENCE.COM
🔥 INCIDENT REPORTING (2)
2 Jan | Ransomware gang leaks data stolen in Rhode Island's RIBridges Breach | The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island's "RIBridges" social services platform. [...] | BLEEPINGCOMPUTER.COM
2 Jan | Chinese government hackers reportedly targeted US Treasury’s sanctions office during December cyberattack | Chinese government hackers targeted the U.S. Treasury’s highly sensitive sanctions office during a December cyberattack, according to reports. According to The Washington Post, the state-sponsored hackers targeted the Office of Foreign Assets Control (OFAC), a government departme… | TECHCRUNCH.COM
🕵️ THREAT INTELLIGENCE (8)
2 Jan | Google Is Allowing Device Fingerprinting | Lukasz Olejnik writes about device fingerprinting, and why Google’s policy change to allow it in 2025 is a major privacy setback. | SCHNEIER.COM
2 Jan | US Arrests Army Soldier Over AT&T, Verizon Hacking | US soldier Cameron John Wagenius was arrested and charged over his suspected connection to presidential phone records leaks. | SECURITYWEEK.COM
2 Jan | Three Russian-German Nationals Charged with Espionage for Russian Secret Service | German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in… | THEHACKERNEWS.COM
2 Jan | New PLAYFULGHOST Malware Hacking Devices To Remotely Capture Audio Recordings | PLAYFULGHOST, a Gh0st RAT variant, leverages distinct traffic patterns and encryption, which spread via phishing emails and SEO poisoning of bundled applications, enabling keylogging, screen capture, and other malicious remote access capabilities. A phishing campaign employed a .… | GBHACKERS.COM
2 Jan | Researchers Uncover Phishing-As-A-Service Domains Associated With Tycoon 2FA | The Tycoon 2FA platform is a Phishing-as-a-Service (PhaaS) tool that enables cybercriminals to easily launch sophisticated phishing attacks targeting two-factor authentication (2FA). It provides a service that simplifies the process for attackers and offers an intuitive in… | GBHACKERS.COM
2 Jan | Windows 11 BitLocker Encryption Bypassed to Extract Full Volume Encryption Keys | A cybersecurity researcher has demonstrated a method to bypass BitLocker encryption on Windows 11 (version 24H2) by extracting full volume encryption keys (FVEK) from memory. Using a custom-built tool named Memory-Dump-UEFI, the researcher was able to retrieve sensitive cryp… | GBHACKERS.COM
2 Jan | SmuggleShield – Browser Extension to Detect HTML Smuggling Attacks | SmuggleShield, a recently launched browser extension, is gaining attention in the cybersecurity space for its innovative approach to mitigating HTML smuggling attacks. With its stable version (2.0) now available, SmuggleShield provides an additional layer of protection for everyd… | GBHACKERS.COM
2 Jan | Breaking Encryption: How To Prepare For Tomorrow's Quantum Risk Today | There’s a growing threat looming over our collective privacy and security — and that’s quantum computing. | PALOALTONETWORKS.COM
🌐 CYBER THREAT LANDSCAPE (1)
2 Jan | From AI Hype to Global Chaos: What Happened in 2024? | 2024 was a whirlwind of change. From AI dominating every discussion to global conflicts and economic instability, it felt like the world was flipping upside down. Mass layoffs, political chaos, and technological shifts shaped this year into one we’ll never forget. But amidst the … | YOUTUBE.COM
📡 INFOSEC NEWS (8)
2 Jan | Over 3 million mail servers without encryption exposed to sniffing attacks | Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. [...] | BLEEPINGCOMPUTER.COM
2 Jan | Goodware Hash Sets, (Thu, Jan 2nd) | In the cybersecurity landscape, we all need hashes! A hash is the result of applying a special mathematical function (a “hash function”) that transforms an input (such as a file or a piece of text) into a fixed-size string or number. Th… | ISC.SANS.EDU
2 Jan | New details emerge in Cybertruck explosion outside Trump hotel in Vegas that left 1 dead, 7 injured | A Tesla Cybertruck that exploded and burst into flames Wednesday morning just outside the Trump International Hotel Las Vegas has left one person dead and seven people injured, according to the Las Vegas Metropolitan Police Department (LVMPD). Matthew Alan Livelsberger, a 37-year… | TECHCRUNCH.COM
2 Jan | Fireside chat with Graham Cluley about risks of AI adoption in 2025 | Join me, and the experts from Rubrik, on Weds January 15 2025, where we’ll be having a fireside chat with Dark Reading all about the known and unknown risks of adopting AI. | GRAHAMCLULEY.COM
2 Jan | Download the Hot IT Certifications Enterprise Spotlight | Download the January 2025 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World. | US.RESOURCES.CSOONLINE.COM
2 Jan | Download our security orchestration, automation, and remediation (SOAR) tools buyer’s guide | From the editors of CSO, this enterprise buyer’s guide helps IT security staff understand what SOAR can do for their organizations and how to choose the right solution. | US.RESOURCES.CSOONLINE.COM
2 Jan | Could Your Life Be On Someone’s Hard Drive? 😨🔍 | Could your life be sitting on someone else's hard drive? 😱💻 In this short, we uncover the shocking truths hidden on used hard drives purchased online. From personal photos to sensitive documents, the risks are real and alarming. Hackers, cybersecurity pros, and anyone with old te… | YOUTUBE.COM
2 Jan | AI Trolls Scammers for Hours! 😂 | What if an AI could outsmart phone scammers and waste their time for hours? Meet the hilarious AI “grandma” that keeps scammers on the line with endless confusion and random stories! This is one of the coolest uses of deepfake technology – turning a scammer’s bad intentions into … | YOUTUBE.COM